#!/bin/bash
 
# Install script for LEMP Web Server base on CentOS 6/7 by xiaosong
cd `pwd`
# Checking
echo "Checking..."
if [ -n "`grep 'Aliyun Linux release' /etc/issue`" -o -e /etc/redhat-release ];then
    OS=CentOS
    [ -n "`grep ' 7\.' /etc/redhat-release`" ] && CentOS_RHEL_version=7
    [ -n "`grep ' 6\.' /etc/redhat-release`" -o -n "`grep 'Aliyun Linux release6 15' /etc/issue`" ] && CentOS_RHEL_version=6
fi

if [ "$OS" != 'CentOS' ] || [ "$CentOS_RHEL_version" != '6' -a "$CentOS_RHEL_version" != '7' ];then
    echo "${CFAILURE}Error: This script only support CentOS 6 & CentOS 7${CEND}";
    kill -9 $$
fi

if [ `getconf WORD_BIT` == 32 ] && [ `getconf LONG_BIT` == 64 ];then
    BIT=64
else
    echo "${CFAILURE}Error: This script only support 64 bit CentOS${CEND}";
    kill -9 $$
fi

while :; do echo
    read -p "Please type MariaDB root password:(Default lemp.sh press Enter) " MariaDB_ROOT_PWD
    [ -z "$MariaDB_ROOT_PWD" ] && MariaDB_ROOT_PWD="lemp.sh"
    [ -n "`echo $MariaDB_ROOT_PWD | grep '[+|&]'`" ] && { echo "${CWARNING}input error,not contain a plus sign (+) and & ${CEND}"; continue; }
    break;
done

# Close SELINUX
setenforce 0
sed -i 's/^SELINUX=.*$/SELINUX=disabled/' /etc/selinux/config

# /etc/security/limits.conf
[ -e /etc/security/limits.d/*nproc.conf ] && rename nproc.conf nproc.conf_bk /etc/security/limits.d/*nproc.conf
sed -i '/^# End of file/,$d' /etc/security/limits.conf
cat >> /etc/security/limits.conf <<EOF
# End of file
* soft nproc 65535
* hard nproc 65535
* soft nofile 65535
* hard nofile 65535
EOF

# Set timezone
rm -rf /etc/localtime
ln -s /usr/share/zoneinfo/Asia/Shanghai /etc/localtime

# /etc/sysctl.conf
sed -i 's/net.ipv4.tcp_syncookies.*$/net.ipv4.tcp_syncookies = 1/g' /etc/sysctl.conf
[ -z "`grep 'fs.file-max' /etc/sysctl.conf`" ] && cat >> /etc/sysctl.conf << EOF
fs.file-max = 65535
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 0
net.ipv4.ip_local_port_range = 1024 65000
net.ipv4.tcp_max_syn_backlog = 65536
net.ipv4.tcp_max_tw_buckets = 20000
net.ipv4.route.gc_timeout = 100
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syncookies = 1
net.core.somaxconn = 65535
net.core.netdev_max_backlog = 262144
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_max_orphans = 262144

net.core.rmem_max = 67108864
net.core.wmem_max = 67108864
net.core.rmem_default = 65536
net.core.wmem_default = 65536
net.ipv4.tcp_rmem = 4096 87380 67108864
net.ipv4.tcp_wmem = 4096 65536 67108864
net.ipv4.tcp_mtu_probing = 1
#net.ipv4.tcp_congestion_control = hybla
#net.ipv4.tcp_fastopen = 3
net.nf_conntrack_max = 6553500
net.netfilter.nf_conntrack_max = 6553500
net.netfilter.nf_conntrack_tcp_timeout_established = 180
EOF
sysctl -p /etc/sysctl.conf

# Init
echo "Initializing..."
sudo yum -y update
sudo yum -y install vim wget epel-release unzip git

# Install the Required Repositories
echo "Installing the Required Repositories..."
sudo rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-${CentOS_RHEL_version}.rpm

echo "[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/\$releasever/\$basearch/
gpgcheck=0
enabled=1" > /etc/yum.repos.d/nginx.repo

# Install MariaDB
echo "Installing MariaDB..."
sudo yum install -y mariadb-server

# Install Nginx
echo "Installing Nginx..."
sudo yum install -y nginx

# Install PHP
echo "Installing PHP..."
sudo yum install -y --enablerepo=remi,remi-php71 php-gd php-fpm php-cli php-pdo php-xml php-json php-common php-mcrypt php-mysqlnd php-mbstring php-pecl-zip php-opcache php-xmlrpc

# Install Composer
echo "Installing Composer globally..."
curl -sS https://getcomposer.org/installer | php
sudo mv composer.phar /usr/bin/composer

# Configure Nginx for PHP
echo "Configuring Nginx for PHP..."
IP=`curl -4 ip.llm.me`
sudo cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak
sudo cp /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.conf.bak
sudo cp ./conf/nginx.conf /etc/nginx/nginx.conf
sudo cp ./conf/default.conf /etc/nginx/conf.d/default.conf
sudo sed -i "s/localhost/$IP `hostname`/g" /etc/nginx/conf.d/default.conf

# Configure PHP
echo "Configuring PHP..."
sudo chown root:nginx /var/lib/php -R
sudo sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo = 0/g' /etc/php.ini
sudo sed -i 's/pdo_mysql.default_socket=/pdo_mysql.default_socket = \/var\/lib\/mysql\/mysql.sock/g' /etc/php.ini
sudo sed -i 's/mysqli.default_socket =/mysqli.default_socket = \/var\/lib\/mysql\/mysql.sock/g' /etc/php.ini
sudo sed -i 's/upload_max_filesize = 2M/upload_max_filesize = 20M/g' /etc/php.ini
sudo sed -i 's/post_max_size = 8M/post_max_size = 50M/g' /etc/php.ini
sudo sed -i 's/;date.timezone =/date.timezone = "Asia\/Shanghai"/g' /etc/php.ini
sudo sed -i 's/expose_php = On/expose_php = Off/g' /etc/php.ini
sudo sed -i 's/user = apache/user = nginx/g' /etc/php-fpm.d/www.conf
sudo sed -i 's/group = apache/group = nginx/g' /etc/php-fpm.d/www.conf
sudo sed -i 's/listen = 127.0.0.1:9000/listen = \/var\/run\/php-fpm.sock/g' /etc/php-fpm.d/www.conf
sudo sed -i 's/;listen.owner = nobody/listen.owner = nginx/g' /etc/php-fpm.d/www.conf
sudo sed -i 's/;listen.group = nobody/listen.group = nginx/g' /etc/php-fpm.d/www.conf
sudo sed -i 's/;listen.mode = 0660/listen.mode = 0660/g' /etc/php-fpm.d/www.conf

# Write PHP test file
echo "Write PHP test file..."
cat >> /usr/share/nginx/html/i.php <<EOF
<?php
phpinfo();

EOF

# Configure MariaDB
echo "Configuring MariaDB..."
sudo cp ./conf/my.cnf /etc/my.cnf
sudo cp ./conf/server.cnf /etc/my.cnf.d/server.cnf

echo "Configuring Firewall..."
if [ "$CentOS_RHEL_version" == 7 ];then
    sudo systemctl stop firewalld
    sudo systemctl mask firewalld
    sudo yum install iptables iptables-services -y
fi

sudo /sbin/iptables -I INPUT -p tcp --dport 443 -j ACCEPT
sudo /sbin/iptables -I INPUT -p tcp --dport 80 -j ACCEPT
sudo /sbin/iptables -I INPUT -p tcp --dport 22 -j ACCEPT
sudo /sbin/service iptables save

# Restarting Services
echo "Restarting Services..."
if [ "$CentOS_RHEL_version" == 6 ];then
    sudo service iptables restart
    sudo service mysql restart
    sudo service php-fpm restart
    sudo service nginx restart
else
    sudo systemctl start iptables
    sudo systemctl restart mariadb.service
    sudo systemctl restart nginx.service
    sudo systemctl restart php-fpm.service
fi

# Set Up Autostart
echo "Setting Autostart..."
if [ "$CentOS_RHEL_version" == 6 ];then
    sudo chkconfig --levels 235 iptables on
    sudo chkconfig --levels 235 mysql on
    sudo chkconfig --levels 235 nginx on
    sudo chkconfig --levels 235 php-fpm on
else
    sudo systemctl enable iptables.service
    sudo systemctl enable mariadb.service
    sudo systemctl enable nginx.service
    sudo systemctl enable php-fpm.service
fi

# Done
echo "Configuring MariaDB..."
sudo mysql_secure_installation <<EOF

y
${MariaDB_ROOT_PWD}
${MariaDB_ROOT_PWD}
y
y
y
y
EOF